While I have not used pppoe, a moment of Googling found http://www.openbsdsupport.org/obsd_dsl.html which was written for OpenBSD 3.5 and updated for OpenBSD 3.7. Proceed with caution, as there were six releases and three years between its publication and the release you are using now. I have not read the document, but it shows altq being used with tun0.

It seems that pf altq can work on a tun0 device, so it should be working. So it seems that you have some problems with your configuration.

The first one I can think of would be that altq lists figures in kilobytes per second, whereas DSL links talk in kilobits per second. That would make your figures way too high, meaning that the altq rules would have no effect.

How do you know that it is not working? Do you get errors, or is it just that it does not seem to limit the speed?

__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

I'm not using pppoe to link with a DSL modem, but to authenticate users in the network, but when I set up altq on, for example, tun0, this does not limit users' bandwidth.
"pppoe is running in userland, and packets are not flowing by the kernel, so packets cannot be limited" Is it true?

I would just like to know from which interface to assign queues to rules on the tun interface: from LAN or from tun?

If you want to control traffic on the tun interface, then you will need rules on the tun interface. If you want to know the number of giraffes, you will need to count the giraffes. Counting the elephants won't help you.

And to repeat, "how is down_queue_from_altq_on_lan configured?"


But I can't reach the transfer rate which is defined in the altq definition. For example, when I try to download something I have something like 20 KB/s? Another thing: this traffic on tun0 is also getting to my standard queue on the $LAN physical interface (I have little leaks on the standard queue (std_lan) from my network, which is not yet running with pppoe). How I check that the traffic is getting to the std_lan queue on the $LAN interface: when I try to download something via tun0, std_lan starts increasing... I hope you understand me.

1. You can only control OUTBOUND traffic queues. Inbound packets cannot be queued or limited -- they must be processed as they arrive. That is the nature of IP traffic. If you want to queue incoming traffic, you can only do that if PF is used in a router -- e.g.: traffic destined for your internal LAN may be shaped as it leaves your OpenBSD system for another.

2. I do not clearly understand your use of pppoe, but, if it is only used for authentication, and not for data transfer, as you mentioned above -- then you will only have a short handshake for authentication and authorization and no traffic worth attempting to queue.

3. pftop has a history of not keeping up with pf changes; at least in the last year or two. I do not recall its exact state with 4.3, but it produces misleading state table values at 4.4 and -current. You might be better off using pfctl -vs state and pfctl -vs queue to ensure accurate assessment of state tables and queues.

Last edited by jggimi; 20th September 2008 at 12:26 PM.
Reason: clarification of inbound shaping
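
An added example, not part of any post in this thread: a pf.conf fragment illustrating the point above that only outbound packets can be queued, applied to a router that terminates PPPoE sessions on tun0. The interface name, client address, queue names and rates are constructed assumptions, and tun0 is assumed to exist when the ruleset is loaded.

```conf
# Added example with constructed values; not taken from anyone's ruleset.
ppp_if = "tun0"          # session interface created by ppp (assumed)
client = "10.0.0.2"      # address handed to the PPPoE client (constructed)

# Rates use the pf.conf(5) suffixes: Kb and Mb are kilobits and
# megabits per second.
# Packets LEAVING the router on tun0 are headed to the client, so this
# is the direction that shapes the client's download.
altq on $ppp_if cbq bandwidth 2Mb queue { std_tun, dl_client }
queue std_tun   bandwidth 50% cbq(default)
queue dl_client bandwidth 512Kb cbq(ceil 512Kb)

# Assign the queue on the outbound side of the interface that has altq
# enabled. A queue name that is not defined on the interface a packet
# leaves through has no effect on that packet.
pass out on $ppp_if from any to $client keep state queue dl_client

# Traffic that is not matched by a queue-assigning rule on tun0 falls
# into std_tun, the default queue declared above.
```

After loading the ruleset, pfctl -vs queue (suggested above) lists per-queue packet and byte counters, so a download by the client should increment dl_client rather than std_tun.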

1. But pf adds keep state and flags S/SA to all rules by default, and the packets which are returning are matched to the download queue.

2. I want something like this: First step: the user dials up to my server. If the login and password are OK, then step two. Second step: the system creates a tun* device, over which data will be transferred, and I want to limit this traffic with pf. Am I wrong?

Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's already consumed network bandwidth to get to the interface that just received it. The only solution is to enable queueing on the adjacent router or, if the host that received the packet is acting as a router, to enable queueing on the internal interface where packets exit the router.

Quote:

But I can't reach the transfer rate which is defined in the altq definition. For example, when I try to download something I have something like 20 KB/s?

So your problem is, not that altq is not working, but something else somewhere else is not allowing you to reach the full bandwidth that you have specified in pf.conf?

Quote:

Another thing: this traffic on tun0 is also getting to my standard queue on the $LAN physical interface (I have little leaks on the standard queue (std_lan) from my network, which is not yet running with pppoe). How I check that the traffic is getting to the std_lan queue on the $LAN interface: when I try to download something via tun0, std_lan starts increasing... I hope you understand me.

Perfectly. Why did you think it would be any other way? tun is a virtual interface (i.e. created in software), that allows user processes (like ppp) to become a network device. In your case, the packets, wrapped in ppp headers, will exit via $LAN, and will be seen there by traffic counters and restricted by any altq rules you have on $LAN.


I'll have to leave that to someone else. I have no idea how state and altq work together. Just note that ppp traffic to and from the tun and pppoe will hit both the tun and the lan interface, and that any limiting of inbound traffic generally just won't work: All packets will be received as fast as they are sent - All that altq does is queue them all up and present them to the system at that speed. A well behaved remote host sending the packets should get the idea eventually from the delay in getting its acks back (alternately, it could just get impatient and resend the packets!), but that is all you are relying on. (I don't know if the pppoe client is 'well-behaved' in this manner or not!)
